Author(s):

  • Stopczynski, Arkadiusz
  • Pietri, Riccardo
  • Pentland, Alex
  • Lazer, David
  • Lehmann, Sune

Abstract:

In recent years, the amount of information collected about human beings has increased dramatically. This development has been partially driven by individuals posting and storing data about themselves and friends using online social networks or collecting their data for self-tracking purposes (quantified-self movement). Across the sciences, researchers conduct studies collecting data with an unprecedented resolution and scale. Using computational power combined with mathematical models, such rich datasets can be mined to infer underlying patterns, thereby providing insights into human nature. Much of the data collected is sensitive. It is private in the sense that most individuals would feel uncomfortable sharing their collected personal data publicly. For this reason, the need for solutions to ensure the privacy of the individuals generating data has grown alongside the data collection efforts. Out of all the massive data collection efforts, this paper focuses on efforts directly instrumenting human behavior, and notes that — in many cases — the privacy of participants is not sufficiently addressed. For example, study purposes are often not explicit, informed consent is ill-defined, and security and sharing protocols are only partially disclosed. This paper provides a survey of the work related to addressing privacy issues in research studies that collect detailed sensor data on human behavior. Reflections on the key problems and recommendations for future work are included. We hope the overview of the privacy-related practices in massive data collection studies can be used as a frame of reference for practitioners in the field. Although focused on data collection in an academic context, we believe that many of the challenges and solutions we identify are also relevant and useful for other domains where massive data collection takes place, including businesses and governments.

Document:

https://arxiv.org/abs/1403.5299
